Total
22706 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12770 | 5 Canonical, Debian, Fedoraproject and 2 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2023-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
CVE-2019-2054 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2023-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | |||||
CVE-2019-7222 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2023-02-28 | 2.1 LOW | 5.5 MEDIUM |
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. | |||||
CVE-2018-20584 | 3 Debian, Jasper Project, Oracle | 3 Debian Linux, Jasper, Outside In Technology | 2023-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | |||||
CVE-2021-26277 | 2 Google, Vivo | 2 Android, Frame Service | 2023-02-28 | N/A | 9.8 CRITICAL |
The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. | |||||
CVE-2023-0901 | 1 Pixelfed | 1 Pixelfed | 2023-02-28 | N/A | 5.3 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
CVE-2021-33949 | 1 Wms Project | 1 Wms | 2023-02-28 | N/A | 9.8 CRITICAL |
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. | |||||
CVE-2019-15741 | 1 Gitlab | 1 Omnibus | 2023-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation. | |||||
CVE-2022-21216 | 1 Intel | 132 Atom C5310, Atom C5310 Firmware, Atom C5315 and 129 more | 2023-02-28 | N/A | 6.8 MEDIUM |
Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. | |||||
CVE-2023-23923 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 8.2 HIGH |
A vulnerability was found in Moodle, which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | |||||
CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2023-02-28 | N/A | 7.5 HIGH |
AMI MegaRAC User Enumeration Vulnerability | |||||
CVE-2022-45060 | 4 Debian, Fedoraproject, Varnish-software and 1 more | 5 Debian Linux, Fedora, Varnish Cache and 2 more | 2023-02-28 | N/A | 7.5 HIGH |
An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | |||||
CVE-2018-3718 | 1 Zeit | 1 Serve | 2023-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | |||||
CVE-2022-33183 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | N/A | 8.8 HIGH |
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform a stack buffer overflow using the “firmwaredownload” and “diagshow” commands. | |||||
CVE-2022-33182 | 1 Broadcom | 1 Fabric Operating System | 2023-02-28 | N/A | 7.8 HIGH |
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”. | |||||
CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2023-02-28 | 6.5 MEDIUM | 8.8 HIGH |
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2019-12523 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. | |||||
CVE-2019-12422 | 1 Apache | 1 Shiro | 2023-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. | |||||
CVE-2017-5546 | 1 Linux | 1 Linux Kernel | 2023-02-28 | 7.2 HIGH | 7.8 HIGH |
The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. | |||||
CVE-2013-4843 | 1 Hp | 2 Integrated Lights-out 4, Integrated Lights-out Firmware | 2023-02-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors. |